HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

Trouble using AD group

SOLVED
Go to solution

Trouble using AD group

I am having trouble using Active Directory group authentication. Users in the Domain Admins do not have any issues while users in all other groups are unable to login using their AD credentials.

 

Error Message

"Invalid username or password. Enter correct credentials and try again. To obtain a username or password, contact your security administrator."

 

I suspect some special permissions on AD are needed. Can anyone tell me what those permissions are?

8 REPLIES
ChrisLynchHPE
Neighborhood Moderator

Re: Trouble using AD group

Have you added the Directory Groups you need to the HP OneView appliance?  Did you specify the OU where the other AD Security Groups are located?  What version of the HP OneView appliance are you using?

Re: Trouble using AD group

Yes. The groups and the user objects are in the same OU. I can search and add the groups as well. The verion of OneView is 1.10. These groups are real AD groups with real users and were working with OA.

 

Initially I thought of integration issues. However, users in the Domain Admins group are perfectly all right. I suspect rights issues mainly because the connect to AD step before I could search for groups worked only with a domain admin user account. And why everything is working well with OA?

ChrisLynchHPE
Neighborhood Moderator
Solution

Re: Trouble using AD group

There are no special permissions needed or required to access non-Domain Admin accounts.  That is unless you have modified the default OU permissions that prevent the user you are trying to authenticate with by removing atleast the Read permission of the OU and child objects.

 

You stated you are using 1.10, but that's the major and minor release.  The original 1.10 release is 1.10.03, and we have published 2 patches since then: 1.10.05 and 1.10.07.  1.10.07 addresses a number of LDAP/AD authentication issues, and I would encourage you patch your appliance if you are running 1.10.05. 

 

You can see the exact version by going to the Top Level Menu (the HP OneView icon in the upper left), then select Settings.  In that screen, you can see the product version inthe Appliance panel:

 

2014-11-21_10-35-10.png

Re: Trouble using AD group

That might be the case.  This is the version 1.10.03-103740, Jun 26, 2014. 

ChrisLynchHPE
Neighborhood Moderator

Re: Trouble using AD group

There are no known LDAP/AD issues with 1.10.03.  1.10.05 was completely broken and one of the major reasons why the 1.10.07 patch was released.

 

And please refrain from posting or discussing unreleased or unannounced versions/products in this public forum.

Re: Trouble using AD group

I don't know if HP is aware of the issues. But I have faced a couple of issues with 1.10.03. But with 1.10.07 update those issues are gone. Now I can add the AD groups using a non-domain admin user account. And all users in that group are able to log in.

 

My initial attempt to update got stuck at around 30%. The second one succeeded in an hour.

ChrisLynchHPE
Neighborhood Moderator

Re: Trouble using AD group

There are no known LDAP/AD issues with 1.10.03, unlike 1.10.05. Again, there are no special LDAP/AD permissions needed for security directory integration.

Re: Trouble using AD group

Unfortunately we couldn't agree on this. But I am happy 1.10.07 is working well.